CVE-2021-27391

CVE-2021-27391 · PUBLISHED · CVSS 10 CRITICAL

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

Risk Scores

CVSS 2.0: 10
EPSS Score: 2.86% (86.5th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| siemens | talon_tc_modular_\(bacnet\)_firmware | 0 |
| Siemens | APOGEE MBC (PPC) (P2 Ethernet) | All versions >= V2.6.3 |
| siemens | talon_tc_compact_\(bacnet\)_firmware | 0 |
| Siemens | TALON TC Compact (BACnet) | All versions < V3.5.3 |
| siemens | apogee_mbc_\(ppc\)_\(p2_ethernet\)_firmware | 0 |
| Siemens | APOGEE PXC Compact (BACnet) | All versions < V3.5.3 |
| siemens | apogee_mec_\(ppc\)_\(p2_ethernet\)_firmware | 0 |
| Siemens | APOGEE PXC Modular (P2 Ethernet) | All versions >= V2.8 |
| siemens | apogee_pxc_compact_\(p2_ethernet\)_firmware | 0 |
| siemens | apogee_pxc_modular_\(p2_ethernet\)_firmware | 0 |
| Siemens | TALON TC Modular (BACnet) | All versions < V3.5.3 |
| Siemens | APOGEE MEC (PPC) (P2 Ethernet) | All versions >= V2.6.3 |
| siemens | apogee_pxc_bacnet_automation_controller_firmware | 0 |
| siemens | apogee_pxc_modular_\(bacnet\)_firmware | 0 |
| Siemens | APOGEE PXC Modular (BACnet) | * |
| Siemens | APOGEE PXC Compact (P2 Ethernet) | All versions >= V2.8 |

Timeline

  • Apr 13, 2021 CVE Published
  • Sep 15, 2021 EPSS Score
  • Oct 5, 2021 EPSS Score
  • Nov 11, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jun 29, 2022 EPSS Score
  • Aug 27, 2022 EPSS Score
  • Oct 23, 2022 EPSS Score
  • Feb 15, 2023 EPSS Score